summaryrefslogtreecommitdiffabout
path: root/etc
authorSergey Poznyakoff <gray@gnu.org.ua>2013-01-01 15:08:48 (GMT)
committer Sergey Poznyakoff <gray@gnu.org.ua>2013-01-01 15:08:48 (GMT)
commitfad678ec27c7f37da83ddf3ba3a96196a962c238 (patch) (side-by-side diff)
tree77197087a6c6c45c26cdd766c34b41f04891ce2d /etc
parent142ce19b4072be33c209edf1d04a221d3bab7ac6 (diff)
downloadwydawca-fad678ec27c7f37da83ddf3ba3a96196a962c238.tar.gz
wydawca-fad678ec27c7f37da83ddf3ba3a96196a962c238.tar.bz2
Version 2.2. Happy GNU Year.
Diffstat (limited to 'etc') (more/less context) (ignore whitespace changes)
-rw-r--r--etc/wydawca.rc20
1 files changed, 18 insertions, 2 deletions
diff --git a/etc/wydawca.rc b/etc/wydawca.rc
index d40cf35..08c51dd 100644
--- a/etc/wydawca.rc
+++ b/etc/wydawca.rc
@@ -278,8 +278,8 @@ The Project Submission Robot
EOT;
}
-/* Make sure the distributed tarball does not contain a security hole
- * described in CVE-2009-4029. Reject it, if it does.
+/* Make sure the distributed tarball does not contain security vulnerabilities
+ * CVE-2012-3386 and CVE-2009-4029. Reject it, if it does.
* See `info wydawca verification', for a description of check-script.
*
* Note: this script relies on GNU tar and grep.
@@ -288,6 +288,22 @@ check-script <<EOT
case ${WYDAWCA_DIST_FILE} in
*.tar|*.tar.*)
if tar -xOf ${WYDAWCA_DIST_FILE} --occurrence=1 \
+ --wildcards --no-wildcards-match-slash '*/Makefile.in' | \
+ grep -q 'chmod a+w'; then
+ fmt <<_EOF_
+Some of the Makefile.in's in ${WYDAWCA_DIST_FILE} contain a locally
+exploitable race condition (see CVE-2012-3386[1], for more details).
+
+Please, rebuild your package using Automake v. 1.11.6 / 1.12.2
+or newer and resubmit.
+_EOF_
+ cat <<_EOF_
+--
+[1] https://security-tracker.debian.org/tracker/CVE-2012-3386
+_EOF_
+ exit 1
+ fi
+ if tar -xOf ${WYDAWCA_DIST_FILE} --occurrence=1 \
--wildcards --no-wildcards-match-slash '*/Makefile.in' | \
grep -q 'perm -777'; then
fmt <<_EOF_

Return to:

Send suggestions and report system problems to the System administrator.